Challenges businesses have in securing data

Data security challenges for enterprises

Organizations encounter a variety of external and internal digital difficulties that can corrupt the system, and private and intellectual property of the company can be used in fraud and e-crime (Galliers & Leidner, 2014). The following security threats can be classified in the organization:

Cookies, malware, spam, and infections

Phishing, online frauds, and pharmers are all examples of fraud.

Hackers, cybercrime, and intellectual property theft

Malicious software and malware propagate viruses, Trojans, worms, and spyware via a variety of methods, including;

Files stored on portable storage devices

Visiting contaminated locations

Attachment to an email

Malware is frequently used by hackers to remotely manipulate company computers, destroy and steal passwords (containing information), alter computer hardware, including software, and distribute malware. Junks and spam emails promote fake and non-existing services and products like getting quick schemes, false prizes or lottery wins, or fraudulent and low-quality goods. Cookies track the website visits and have the ability to build the profile of the user's interest and purchasing habits, and report the details to the third party (Galliers & Leidner, 2014).

Online scams and fraudulent websites, as well as emails, may be designed to trick the user into revealing sensitive organizational information that may include passwords, bank account details, and credit card numbers. Phishing utilizes fraudulent emails that claim to be from the trusted sender, for instance, the bank, to get some information. Pharming takes place when the hacker infects the organization's computer and the system with a particular malicious code and directs the user or the customer to a fake website. The two are used for cyber fraud and online identity theft (Galliers & Leidner, 2014).

Complex and sophisticated e-crime entails theft of information and intellectual property like the trademarks and customer credit card details. Hackers find unauthorized access to the business's hardware and information like credit card details to perform cyber fraud. This can corrupt and compromise the online security (Galliers & Leidner, 2014).

Policies and procedures to ensure the protection of data

Various policies should be implemented so as to secure the organizational data to ensure business continuity and information protection (Peltier, 2016). The following security standards must be put in place to ensure a foolproof corporate system;

Confidentiality

Integrity

Availability

Figure 1: Security standards

An organizational system that is secure ensures confidentiality of data is achieved. This implies that it enables individuals to see the only data that they are supposed to see. Confidentiality has various aspects like privacy, secure storage, authenticated users, and granular access control. With regards to privacy, how can the organization ensure the privacy of data communication? Privacy entails a broad aspect. In the business context, privacy may involve trade secrets, competitive analyses, proprietary information of processes and outputs, as well as the purchasing and sales plans. How can the organization ensure that their sensitive data remains private? As soon as the organizational data has been entered, the integrity and privacy of the data must be protected within the database and the servers that control the database. The step ensures the confidentiality of data. How can the designated management individuals who have the right to see data? Authentication is a method of implementing decisions regarding whom to trust with the information. The authentication methods seek to guarantee the identity of the database users: that an individual is who he is, and never an impostor. What extent of data should the user view? Granular access control is the ability to cordon off portions of a given database so that portions of the given database do not become all-or-nothing proportions. For instance, a clerk in the Human Resource department may need to access a particular file to the emp table but may not be permitted to get access salary for the entire organization. The granularity of access control represents the degree to which data set may be differentiated for particular rows, tables, and columns in the database (Peltier, 2016).

Integrity is another critical part that must be implemented in the organization. A secure organizational system ensures that the information contained is valid. Data integrity implies that the data and information in the administrative database are protected from corruption and deletion (Peltier, 2016). Integrity entails many aspects like;

System and objective privilege control access to the various applications so that the only authorized users can alter the data

Referential integrity is the capacity to preserve valid relationship between values contained in the database, according to the guidelines that have been defined

The database must be protected against any attack like viruses that are designed to corrupt the data.

The network traffic must be protected from any form of deletion, eavesdropping, and corruption.

Availability is another aspect of data that must be protected in the business organization. A system that is secure makes data available to the only authorized system users without delay. The denial-of-service attack attempts to block the authorized user the ability to access and use the organization's system when required. There are various types of system availability aspects like resistance, scalability, flexibility, and ease of use. A safe system must be created to fend off any suspicious or deliberate attack that might put the system out of commission. For instance, there must be facilities within the organization's system that prevent any runaway queries. The user profiles must be in check so as to define and limit the available resources that any user might consume. By this, the system can be protected against the user consuming too much memory or running many processes. A secure system ensures that data is stored and transmitted appropriately. Information must be stored properly and conveyed securely so that things like the credit card numbers cannot be stolen. Privacy of communication is necessary so as to ensure that the available data cannot be viewed and modified in transit. The distributed environments bring along with them the possibility of the malicious third party can get through to the computer crime by interfering with the available data as it moves between various sites. Based on scalability, the system performance must remain enough regardless of the number of users and processes demanding service. With regards to flexibility, the administrators must have sufficient means of running the user population. The security implementation must not lessen the ability of the suitable employee to get the work done (Peltier, 2016).

Importance of staff training on security

It is important that the staff understand the importance of protecting personal data; that they are familiar with in the organization, and that the personnel put the security procedures into practice. All the employees and the new employees must be expected to meet the organization's safety procedures and requirements as part of their job description. Once employed, the new recruits must be informed of and trained on the relevant security policies as part of their initial orientation so as to impress the need for security in their workplace. The employees must be trained so as to know the organization's duties under the Data Protection Act and the restrictions on the use of personal and organizational data. This enables the employees to adhere to the required standards when doing business. The employees need to understand the need for protecting data and information so as to understand the responsibilities of individual's role in protecting the data that includes the possibility that they may commit the criminal offense if the workers deliberately try to get access or disclose the organizations business without authority Wirth, A. (2016).

When the employees are trained on the security issues, the personnel get the relevant and proper procedures to perform their duties without breaching the set standards and regulations. Training the employees reduces the dangers of people trying to get organizational data by deception for instance, by pretending to be the person who the data and information pertains or by making phishing attacks. Teaching the personnel makes them understand any restrictions that the organization places on the personal use of the computers like how to avoid virus and spam. The employees are made aware of the methods of responding to the incident like the recovery plan and procedures for limiting the damage to the organization's system. The personnel can assess the risks with ease since they have the relevant knowledge regarding the breach. Apart from training the employees, it is imperative to limit the security briefings to the people at the levels required, keep the people from breaching the defense, impress on the people that you are serious about protecting the system assets, and ensure that they securely handle the assets Wirth, A. (2016).

Part two

Internal memo

To: All the employees.

From: The management

Re: Addressing the issue of new security policies in the workplace

Following the security training was undertaken, I want to make several observations and address various issues regarding security issues with information that will take effect one month from now.

We are all aware that cyber attacks are on the rise and the vice pose a critical challenge in the workplace. In addition to the recent cyber attacks like Target breach and the Identity Theft Resource Center, there have been rises in data breaches that have exposed most organizations to losses. The company wishes to announce new guidelines to reduce any threat or attack on the system;

Only authorized and privileged system users will have the access control to the system and database.

All employees are required never to visit any suspicious site or click on any unauthenticated link.

Passwords must be regularly changed to prevent any intruder from getting access to the system.

Also, we as the management will come up with the Cybersecurity Strategic Plan that will serve as the road map to protect information and fix security issues.

CC: Name, Assistant Administrator

References

Galliers, R. D., & Leidner, D. E. (Eds.). (2014). Strategic information management: challenges

and strategies in managing information systems. London, UK: Routledge.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for

effective information security management. Boca Raton, Fl: CRC Press.

Wirth, A. (2016). The Importance of Cybersecurity Training for HTM Professionals. Biomedical

Instrumentation & Technology, 50(5), 381-383.